Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Gerald Oskoboiny gerald@impressive.net
Mon Feb 9 14:14:40 PST 2004


[overquoting a bit cuz this thread is stale, sorry]

* Jeff Waugh <jdub@perkypants.org> [2004-02-04 16:21+1100]
> <quote who="Tilghman Lesher">
> 
> > As others have already remarked, discarding emails automatically is a bad
> > thing.  For those times when your filter catches a false positive, it's
> > better to bounce the message than to silently discard it, as, at the very
> > least, the sender will know that you didn't receive his/her message.
> 
> Why would you have SMTP-time filters that might catch a false positive? How
> would you get a false positive of a forged-sender worm email when you're
> catching them on specific, identifiable chunks of the data?
> 
> Anything that might get a false positive (such as virus scanners and spam
> detection software such as spamassassin) should immediately be relegated to
> post-MTA admin policy land, not SMTP-time MTA protection land.
> 
> Discarding worm and spam emails is a good thing, and you can easily do that
> at SMTP time, using only the MTA, without any external daemons involved, and
> without false positives. Anything that gets past the MTA can happily go off
> to admin-defined policy fuckage or cleanage with all the resources required
> by your AV and anti-spam software (safely on disk and queued).

How do you easily discard spam at SMTP time in the MTA, without
false positives?

(maybe contact me off-list; I think that knowledge is currently
worth a few billion dollars)

I agree that it's better to discard viruses that you can identify
reliably, but that still makes me uncomfortable.

-- 
Gerald Oskoboiny <gerald@impressive.net>
http://impressive.net/people/gerald/


